Package: base-passwd Version: 3.5.10 Severity: wishlist Hi there, Colin.
I recently installed some packages in my box to learn more about its security and vulnerabilities and, one of them, tiger gives some quite sensible recommendations. One of them is that the users backup, list and nobody (among others) should not have shells that are listed in /etc/shells. I tried changing their shells to something like /bin/false (which is what Dan Bernstein once recommended, if I am not mistaken), but, unfortunately, upon reinstallation of base-passwrd (due to some filesystem corruption), it offered to change back the shells to things listed in /etc/shells. Some of the recommendations given by tiger are really meaningful and I think that they should be followed for making a default Debian install a step closer to being more secure. Thanks for your efforts, Rogério Brito. -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (900, 'testing') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/dash Kernel: Linux 2.6.13.2-1.hm Locale: LANG=C, LC_CTYPE=pt_BR (charmap=ISO-8859-1) Versions of packages base-passwd depends on: ii libc6 2.3.5-6 GNU C Library: Shared libraries an base-passwd recommends no packages. -- no debconf information -- Rogério Brito : [EMAIL PROTECTED] : http://www.ime.usp.br/~rbrito Homepage of the algorithms package : http://algorithms.berlios.de Homepage on freshmeat: http://freshmeat.net/projects/algorithms/
